Cyber Week in Review: November 9, 2023

United States, Japan, and South Korea to launch consultative group on North Korean cyber operations

Early this week, the United States, South Korea and Japan announced they would be joining forces in countering illegal North Korean cyber hacking activities through the launch of a high-level consultative group. The formal announcement comes after August 2023 meetings at Camp David, in which the three countries discussed a plan to combat North Korean cyber-attacks. North Korean hacking has been a major problem for South Korea and Japan, which have both faced frequent attacks from North Korean threat actors like Lazarus Group. North Korea has also used its cyber capabilities to steal enormous quantities of cryptocurrency, with U.S. officials estimating that North Korea’s cyber operations provide at least half of all funding for North Korea’s ballistic missile program. U.S. Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger noted in an October briefing: “[North Korean hacking] is a priority for the U.S., it’s a priority for our partnerships in the region, and we will be working ever more closely to tackle this problem together.”

Baidu reportedly ordering AI chips from Huawei

Baidu ordered more than 1,500 new microchips for its artificial intelligence models from Huawei in August of this year, according to a report from Reuters. Baidu bought most of its advanced microchips from American chip firm Nvidia prior to last year. However, U.S. export controls have prevented Baidu from buying Nvidia’s advanced A100 series chips since last year, and its slightly less advanced A800 series chips since October. Baidu has been developing some of China’s most advanced AI models for the past several years, unveiling its own chatbot, Ernie Bot, in August. Chip production continues to be a key geopolitical concerns for the Chinese government, and it has been pouring money into microchip development over the past five years; this week the China Integrated Circuit Industry Investment Fund, colloquially known as the Big Fund, invested almost $2 billion in Chinese memory chip startup Changxin Xinqiao Memory Technologies.

Senators push bipartisan bill to codify NIST AI Standards

Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and Sen. Jerry Moran (R-KA) proposed a bill, the Federal Artificial Intelligence Risk Management Act, that expands on the AI safety standards outlined in the Biden administration’s Executive Order on AI last week. The new bill would require federal agencies to follow the National Institute of Standards and Technology’s (NIST) Artificial Intelligence Risk Management Framework [PDF]. The Executive Order cites the NIST framework numerous times as a benchmark for AI safety, although the order makes clear that the use of the framework is voluntary. Warner and Moran’s bill would require federal agencies to follow the framework. The bill would also direct the Office of Management and Budget to establish an initiative to provide AI expertise to agencies, mandate that any AI system procured by an agency NIST’s framework, and gives NIST ninety days to study and recommend a set of voluntary standards evaluation, verification, and validation of artificial intelligence systems before they are acquired. House of Representative member Ted Lieu (D-CA) plans to introduce companion legislation for consideration in the House.

Meta will require political advertisers to disclose use of AI in creating ads

Meta announced that starting next year it is requiring organizations who place political ads to disclose when they use AI software to generate part or all of those ads. Meta will also prohibit advertisers from using AI tools built into Meta’s ad platform to generate ads under a variety of categories, including housing, credit, financial services, and employment, among others, according to a report from Reuters. Meta had announced the launch of AI tools capable of expanding images, generating backgrounds, and adapting existing text in October, but had not rolled out the tools yet. Meta’s political advertising policies have been the focus of scrutiny since it was revealed that the Internet Research Agency, a Russian company that played a large role in interfering in the 2016 U.S. election, bought nearly three thousand political ads on Facebook in the run up to the election.

Mozi botnet mysteriously shut down

In August 2023, the security firm ESET observed a precipitous drop in Mozi botnet activity, indicating that the botnet had most likely been shut down by a kill switch. Mozi was first discovered in 2019 infecting poorly secured internet of things (IoT) devices and could use those infected devices to flood websites with traffic as part of distributed denial of service attacks. The botnet was used in distributed denial of service attacks ESET researchers also discovered the kill switch used to shut down the botnet, and said that it had significant similarities to the original code of Mozi, indicating that the same group created both the original Mozi botnet code and the kill switch. Mozi’s creators were arrested by Chinese authorities in August 2021, but the botnet has remained active since then. It’s unclear whether the takedown was compelled by Chinese authorities, or whether the original authors took it down on their own. U.S. authorities previously launched a similar takedown against the QakBot botnet in August. Ivan Bešina, senior malware researcher for ESET, said that the kill switch authors “did the maximum they could to avoid reinfection with the original Mozi or another malware" when the distributed the kill switch to affected devices. 

Eva Schwartz is the intern for the Independent Task Force program.